Why networking sites must not be one-way streets
I had a very strict vice-principal in school who used to record clips of spectators shown on TV during cricket matches in a desperate bid to catch students who feigned some illness to skip school and head to the stadium instead. Once, a student mustered the courage to write “cricket match” as a reason in his leave letter. The boy’s parents were summoned. When they tried to dwell on their child’s ‘honesty’, the vice-principal shot back: “If someone steals a watch and confesses, will you allow him to keep the watch?” You can imagine how the vice-principal’s snooping would have gone viral had it happened now! In those days one just had the ‘Letters To The Editor’ pages to crib, if at all.
I was reminded of this incident on reading about a hacker who recently broke into Facebook founder Mark Zuckerberg’s wall. The Palestinian cyber wizard Khalil Shreateh claimed that his intention was to expose an alleged security glitch that allowed strangers to post on a user’s wall on the social networking site. And that when his efforts to communicate this to Facebook drew a blank, he chose to attract attention by targeting the founder’s wall.
Now, Facebook has a ‘Bug Bounty’ program that pays out at least $500 to hackers who bring software bugs to the company’s notice. The logic is to reward hackers for reporting bugs rather than exploiting them. Facebook refused to pay Khalil the reward as he “tested vulnerabilities against a real user instead of a test account”. However, an online campaign ‘GoFundMe’ raised over $11,000 as an incentive for exposing a chink that could have affected all of us. Go to Facebook’s ‘Careers’ section and you will find that ‘hackers’ are among other categories of people it officially looks to hire. So is the ‘Bug Bounty’ scheme a way of enlisting freelancers?
I’m tempted to ask: had the networking site been receptive enough to feedback from users, would its founder have faced this embarrassment? How did the Palestinian hacker’s attempts to reach out slip through the cracks? I know it’s easy to sit back and nitpick as opposed to creating something novel and unique.
But why can’t these sites — Facebook, Twitter and LinkedIn — have designated officials or groups with e-mail IDs for users to send suggestions and complaints rather than the existing comparatively inconspicuous templates as a reporting mechanism? Surely sites whose business models emanate from online interaction can’t be one-way streets.
How I wish Twitter had a more transparent system of awarding verified signs. How I wish there were more checks to weed out fake ‘followers’. Or, to automatically suspend accounts the moment foul language is used. As a policy, some of these sites only respond to Government authorities. In Facebook’s maiden Transparency Report, it emerges that in the first half of this year India asked for data of 4,144 users, second only to the U.S. Facebook is reported to have complied with half of those requests, ostensibly in “national interest”. How I wish Twitter, which is bursting at its seams with hate tweets, would also come up with a report of handles blocked for abuse. How I wish LinkedIn gave us the option of showing the actual number of connections a user has instead of its “500 +” mark. If you have 1000 + connections, will it still say 500 +?
That said, LinkedIn has a good system of checking with users who send requests to connect as to whether they are colleagues or classmates and if so, where exactly, based on each user’s own profile information. But you don’t need to be a hacker to detect a loophole here.
From what I’ve seen, a perfect stranger can send you a request to connect on LinkedIn by merely choosing the thumbnail ‘friend’. And for some reason, I wonder why there’s another thumbnail ‘I don’t know’ (the account holder to be contacted) because if you select that option in a show of honesty, you will not be able to send out a request but will be greeted with a short sermon. However, it is less condescending than the vice-principal’s take. And for the record, I wasn’t that student!